Difference between java.util.Random and java.security.SecureRandom

My team got handed over some server side code (in Java) that generates random tokens and I have a question regarding the same – The purpose of these tokens is fairly sensitive – used for session id, password reset links etc. So they do need to be cryptographically random to avoid somebody guessing them or …

How does password salt help against a rainbow table attack?

I’m having some trouble understanding the purpose of a salt to a password. It’s my understanding that the primary use is to hamper a rainbow table attack. However, the methods I’ve seen to implement this don’t seem to really make the problem harder. I’ve seen many tutorials suggesting that the salt be used as the …

How do you Encrypt and Decrypt a PHP String?

What I mean is:

Original String + Salt or Key –> Encrypted String
Encrypted String + Salt or Key –> Decrypted (Original String)

Maybe something like:

“hello world!” + “ABCD1234” –> Encrypt –> “2a2ffa8f13220befbe30819047e23b2c” (may be, for e.g)
“2a2ffa8f13220befbe30819047e23b2c” –> Decrypt with “ABCD1234” –> “hello world!”

In PHP, how can you do this? Attempted to …

Where do you store your salt strings?

I’ve always used a proper per-entry salt string when hashing passwords for database storage. For my needs, storing the salt in the DB next to the hashed password has always worked fine. However, some people recommend that the salt be stored separately from the database. Their argument is that if the database is compromised, an …

What data type to use for hashed password field and what length?

I’m not sure how password hashing works (will be implementing it later), but I need to create the database schema now. I’m thinking of limiting passwords to 4-20 characters, but as I understand it, after encrypting, the hash string will be of a different length. So, how to store these passwords in the database?

Failed to install Python Cryptography package with PIP and setup.py

When I try to install the Cryptography package for Python through either pip install cryptography or by downloading the package from their site and running python setup.py, I get the following error:

D:\Anaconda\Scripts\pip-script.py run on 02/27/14 16:13:17
Downloading/unpacking cryptography
  Getting page https://pypi.python.org/simple/cryptography/
  URLs to search for versions for cryptography:
  * https://pypi.python.org/simple/cryptography/
  Analyzing links from page …